82a042f9b430725760a1f6d7e973bdee[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

82a042f9b430725760a1f6d7e973bdee.bin
Size

8.0MB
MD5

887b8f4bb43bfc6aaf55914e47c56a70
SHA1

068f94cfc38d6ee46754b0fcab6a02d729589a7c
SHA256

921dbe0de51c231d0612cb5317df7491bbcf2f5d8c348e747c846316ec80f72b
SHA512

464df353008b0ea82aee1e2062c01010e05f4a09b52235ad531792e636ffbc4c65f9f278d61a20bc9a2ec342883b54daed60aabf571836de3508ea5a434e7677
SSDEEP

196608:FwusKp1TZ6za/llNuwDgONGbxBphnJJigdKKM+f7TYhZ:DOIlllDgqGbnLqSlpfvAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3f0eb9a74b68d6339bc61d8244cd4723905dd4d533582df902e812f14aa012d2.exe
unpack002/$PLUGINSDIR/AccessControl.dll
unpack002/$PLUGINSDIR/FontName.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/Debug4x.exe
unpack002/EMU48.dll
unpack002/Emu/DDE48.exe
unpack002/Emu/EMU48.EXE
unpack002/Emu/Mkshared.exe
unpack002/hptoolsdll.dll
unpack002/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/3f0eb9a74b68d6339bc61d8244cd4723905dd4d533582df902e812f14aa012d2.exe	nsis_installer_1
static1/unpack001/3f0eb9a74b68d6339bc61d8244cd4723905dd4d533582df902e812f14aa012d2.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

82a042f9b430725760a1f6d7e973bdee.bin
.zip

Password: infected
3f0eb9a74b68d6339bc61d8244cd4723905dd4d533582df902e812f14aa012d2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DOCUMENTS/Debug4x/Emu/Default 48GII.E49
$DOCUMENTS/Debug4x/Emu/Default 48GX.E48
$DOCUMENTS/Debug4x/Emu/Default 49G+.E49
$DOCUMENTS/Debug4x/Emu/Default 49G.E49
$DOCUMENTS/Debug4x/Emu/Default 50g.E49
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1.HPP
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1.a
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1.l
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1.lr
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1.s
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1_A49.a
$DOCUMENTS/Debug4x/Examples/ASM1/ASM1_A49.hp
$DOCUMENTS/Debug4x/Examples/ASM1/Sat1.hp
$DOCUMENTS/Debug4x/Examples/DeCompress/CopyDeCompToInclude.bat
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_48.HP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_48.HPP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_48.ext
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_48.o
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_48.s
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_49.HP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_49.HPP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_49.ext
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_49.o
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ2_49.s
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ_49.HP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ_49.HPP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ_49.ext
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ_49.o
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_BZ_49.s
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ2_49.HP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ2_49.HPP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ2_49.ext
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ2_49.o
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ2_49.s
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ_49.HP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ_49.HPP
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ_49.ext
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ_49.o
$DOCUMENTS/Debug4x/Examples/DeCompress/DeComp_eBZ_49.s
$DOCUMENTS/Debug4x/Examples/Demo/Demo.H
$DOCUMENTS/Debug4x/Examples/Demo/Demo.HP
$DOCUMENTS/Debug4x/Examples/Demo/Demo.HPP
$DOCUMENTS/Debug4x/Examples/Demo/Demo.l
$DOCUMENTS/Debug4x/Examples/Demo/Demo.lr
$DOCUMENTS/Debug4x/Examples/Demo/Demo.s
$DOCUMENTS/Debug4x/Examples/Demo/DemoInf.l
$DOCUMENTS/Debug4x/Examples/Demo/DemoInf.s
$DOCUMENTS/Debug4x/Examples/Demo/Demo_A49.HP
$DOCUMENTS/Debug4x/Examples/Demo/Demo_Cmprs.h
$DOCUMENTS/Debug4x/Examples/Demo/Demo_def.h
$DOCUMENTS/Debug4x/Examples/Direct/DirMacro.s
$DOCUMENTS/Debug4x/Examples/Direct/Direct.HP
$DOCUMENTS/Debug4x/Examples/Direct/Direct.HPP
$DOCUMENTS/Debug4x/Examples/Direct/Direct.S
$DOCUMENTS/Debug4x/Examples/Direct/Direct.a
$DOCUMENTS/Debug4x/Examples/Direct/Direct.l
$DOCUMENTS/Debug4x/Examples/Direct/Direct.lr
$DOCUMENTS/Debug4x/Examples/Direct/Direct_A49.HP
$DOCUMENTS/Debug4x/Examples/Direct/Direct_A49.a
$DOCUMENTS/Debug4x/Examples/Direct/More.s
$DOCUMENTS/Debug4x/Examples/Inform/Config.l
$DOCUMENTS/Debug4x/Examples/Inform/Config.s
$DOCUMENTS/Debug4x/Examples/Inform/Inf.l
$DOCUMENTS/Debug4x/Examples/Inform/Inf.s
$DOCUMENTS/Debug4x/Examples/Inform/Inform.HPP
$DOCUMENTS/Debug4x/Examples/Inform/Inform_A49.HP
$DOCUMENTS/Debug4x/Examples/Inform/Main.l
$DOCUMENTS/Debug4x/Examples/Inform/Main.s
$DOCUMENTS/Debug4x/Examples/Inform/inform.H
$DOCUMENTS/Debug4x/Examples/Inform/inform.HP
$DOCUMENTS/Debug4x/Examples/Inform/inform.lr
$DOCUMENTS/Debug4x/Examples/Library/123.S
$DOCUMENTS/Debug4x/Examples/Library/123.l
$DOCUMENTS/Debug4x/Examples/Library/456.S
$DOCUMENTS/Debug4x/Examples/Library/456.l
$DOCUMENTS/Debug4x/Examples/Library/Add.S
$DOCUMENTS/Debug4x/Examples/Library/Add.l
$DOCUMENTS/Debug4x/Examples/Library/Lib.H
$DOCUMENTS/Debug4x/Examples/Library/Lib.HP
$DOCUMENTS/Debug4x/Examples/Library/Lib.HPP
$DOCUMENTS/Debug4x/Examples/Library/Lib.lr
$DOCUMENTS/Debug4x/Examples/Library/Lib_A49.HP
$DOCUMENTS/Debug4x/Examples/Library/Lib_A49.l
$DOCUMENTS/Debug4x/Examples/Library/Lib_A49.s
$DOCUMENTS/Debug4x/Examples/Message/MTL.H
$DOCUMENTS/Debug4x/Examples/Message/MTL.HP
$DOCUMENTS/Debug4x/Examples/Message/MTL.HPP
$DOCUMENTS/Debug4x/Examples/Message/MTL.l
$DOCUMENTS/Debug4x/Examples/Message/MTL.lr
$DOCUMENTS/Debug4x/Examples/Message/MTL.s
$DOCUMENTS/Debug4x/Examples/Message/MTL_A49.HP
$DOCUMENTS/Debug4x/Examples/Message/MTL_A49.l
$DOCUMENTS/Debug4x/Examples/Message/MTL_A49.s
$DOCUMENTS/Debug4x/Examples/Simple/SInf.S
$DOCUMENTS/Debug4x/Examples/Simple/SInf.a
$DOCUMENTS/Debug4x/Examples/Simple/SInf.l
$DOCUMENTS/Debug4x/Examples/Simple/Simp.HP
$DOCUMENTS/Debug4x/Examples/Simple/Simp.HPP
$DOCUMENTS/Debug4x/Examples/Simple/Simp.lr
$DOCUMENTS/Debug4x/Examples/Simple/Simp_A49.a
$DOCUMENTS/Debug4x/Examples/Simple/Simp_A49.hp
$DOCUMENTS/Debug4x/Examples/UserRPL/RPL1.s
$DOCUMENTS/Debug4x/Examples/UserRPL/UserRPL.HPP
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_48.HP
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_48.HPP
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_48.ext
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_48.o
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_48.s
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_49.HP
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_49.HPP
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_49.ext
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_49.o
$DOCUMENTS/Debug4x/Include/DeComp_BZ2_49.s
$DOCUMENTS/Debug4x/Include/DeComp_BZ_49.HP
$DOCUMENTS/Debug4x/Include/DeComp_BZ_49.ext
$DOCUMENTS/Debug4x/Include/DeComp_BZ_49.o
$DOCUMENTS/Debug4x/Include/DeComp_eBZ2_49.HP
$DOCUMENTS/Debug4x/Include/DeComp_eBZ2_49.HPP
$DOCUMENTS/Debug4x/Include/DeComp_eBZ2_49.ext
$DOCUMENTS/Debug4x/Include/DeComp_eBZ2_49.o
$DOCUMENTS/Debug4x/Include/DeComp_eBZ2_49.s
$DOCUMENTS/Debug4x/Include/DeComp_eBZ_49.HP
$DOCUMENTS/Debug4x/Include/DeComp_eBZ_49.ext
$DOCUMENTS/Debug4x/Include/DeComp_eBZ_49.o
$DOCUMENTS/Debug4x/Include/Header.h
$DOCUMENTS/Debug4x/Include/Suprom48.a
.js
$DOCUMENTS/Debug4x/Include/Suprom48.lr
$DOCUMENTS/Debug4x/Include/Suprom48.o
$DOCUMENTS/Debug4x/Include/Suprom48.stk
$DOCUMENTS/Debug4x/Include/Suprom49.a
$DOCUMENTS/Debug4x/Include/Suprom49.lr
$DOCUMENTS/Debug4x/Include/Suprom49.o
$DOCUMENTS/Debug4x/Include/Suprom49.stk
$DOCUMENTS/Debug4x/Include/TemplateSysRPL.inc
$DOCUMENTS/Debug4x/Include/TemplateUserRPL.inc
$DOCUMENTS/Debug4x/Include/UserRPL48.stk
$DOCUMENTS/Debug4x/Include/UserRPL49.stk
$DOCUMENTS/Debug4x/Include/informbox.h
$DOCUMENTS/Debug4x/Include/informbox48.h
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

Password: infected

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FontName.dll
.dll windows:1 windows x86 arch:x86

Password: infected

fea237b37a91d4f35bea017986d8b230

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
GetFileSize
GetLastError
CloseHandle
GlobalAlloc
GlobalFree
MapViewOfFile
CreateFileA
CreateFileMappingA
RtlUnwind
UnmapViewOfFile

crtdll

_fdopen
_memicmp
_open_osfhandle
fclose
_cexit
malloc
memcpy
memset
printf
raise
setbuf
sprintf
strcpy

Exports

Exports

name
version

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 160B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 840B - Virtual size: 840B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 248B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 124B - Virtual size: 124B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

Password: infected

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

Password: infected

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

Password: infected

2274cc1534607459cdd304a928601ef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
lstrcpynA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

Password: infected

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_12_/HP48.TTF
Debug4x.chm
.chm
Debug4x.exe
.exe windows:4 windows x86 arch:x86

Password: infected

1b68a78cfcffb7d9447c3fcbc7262703

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WindowFromDC
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExA
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
DdeFreeStringHandle
DdeCreateStringHandleA
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeInitializeA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcpyA
lstrcmpA
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SizeofResource
SetThreadPriority
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryA
ResumeThread
ResetEvent
ReadFile
QueryPerformanceFrequency
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep
MulDiv

msimg32

GradientFill

gdi32

UnrealizeObject
TextOutA
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetNearestColor
GetFontLanguageInfo
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetCharABCWidthsA
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtSelectClipRgn
ExtCreatePen
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
AbortDoc

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

imm32

ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

urlmon

URLDownloadToFileA

shell32

ShellExecuteA
SHGetFileInfoA
DragQueryPoint
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

comdlg32

PrintDlgA
ChooseFontA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

emu48

_EmuCalculatorType@0
_EmuEnableSkipInterruptCode@4
_EmuClearBreakpoint@8
_EmuSetBreakpoint@8
_EmuCallBackDebugNotify@4
_EmuCallBackDocumentNotify@4
_EmuCallBackClose@4
_EmuEnableRplBreakpoint@4
_EmuGetRom@4
_EmuSetMem@8
_EmuGetMem@8
_EmuSetRegister@8
_EmuGetRegister@4
_EmuStep@0
_EmuStop@0
_EmuRun@0
_EmuGetLastInstr@4
_EmuInitLastInstr@8
_EmuSimulateKey@12
_EmuLoadObject@4
_EmuDestroy@0
_EmuCreateEx@8
_EmuCreate@4

hhctrl.ocx

HtmlHelpA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 83KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EMU48.dll
.dll windows:5 windows x86 arch:x86

e93c63187b2b1982f824ce33c842bacb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutClose
timeGetTime
timeKillEvent
timeSetEvent

kernel32

ResumeThread
SetThreadAffinityMask
CreateThread
CreateEventA
GetCurrentDirectoryA
QueryPerformanceFrequency
GetModuleHandleA
ReadFile
GetFileSize
WaitForSingleObject
ResetEvent
Beep
GetVersionExA
lstrcatA
MapViewOfFile
GetLastError
CreateFileMappingA
UnmapViewOfFile
SetEndOfFile
WriteFile
SetFilePointer
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GetOverlappedResult
SetCommMask
SetCommState
ClearCommBreak
SetCommBreak
PurgeComm
WaitCommEvent
ClearCommError
SetThreadPriority
SetCommTimeouts
GetLocalTime
GetStartupInfoW
GetFileType
SetHandleCount
TerminateThread
GetStringTypeW
LoadLibraryW
InitializeCriticalSectionAndSpinCount
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetModuleFileNameW
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
HeapReAlloc
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
HeapAlloc
HeapFree
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
lstrcpynA
SetFileAttributesA
GetFullPathNameA
lstrcmpiA
CreateFileA
CloseHandle
SetCurrentDirectoryA
GetFileAttributesA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
lstrcpyA
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
lstrlenA
SetEvent
Sleep
lstrcmpA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
HeapSize
MultiByteToWideChar
RtlUnwind

user32

GetMenuItemID
GetSubMenu
SetCursor
wvsprintfA
PostMessageA
GetWindowPlacement
SetWindowPlacement
UnregisterClassA
GetMenu
DeleteMenu
LoadIconA
GetMenuItemCount
CreateWindowExA
LoadAcceleratorsA
DdeInitializeA
RegisterClipboardFormatA
DdeCreateStringHandleA
DdeNameService
ShowWindow
InsertMenuA
GetMenuStringA
MessageBeep
GetClipboardData
IsClipboardFormatAvailable
RegisterClassA
DdeFreeStringHandle
DdeUninitialize
DefWindowProcA
GetActiveWindow
DialogBoxParamA
DestroyWindow
EnableMenuItem
BeginPaint
EndPaint
ReleaseDC
DestroyCursor
LoadCursorA
GetDC
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
SetDlgItemTextA
CheckDlgButton
GetDlgItem
EnableWindow
SendDlgItemMessageA
SendMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetWindowTextA
MessageBoxA
AdjustWindowRect
SetWindowPos
GetClientRect
InvalidateRect
wsprintfA
DdeQueryStringA
DdeAccessData
DdeUnaccessData
DdeGetData
DdeCreateDataHandle
CreateCursor

gdi32

CreatePalette
GetPaletteEntries
GetDIBits
GetObjectA
CreateCompatibleBitmap
GetStockObject
BitBlt
SetPixel
GetPixel
PatBlt
LineTo
MoveToEx
SetWindowOrgEx
GdiFlush
StretchBlt
DeleteObject
DeleteDC
SetDIBColorTable
RealizePalette
SelectPalette
SelectObject
CreateDIBitmap
CreateCompatibleDC
CreateDIBSection

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegDeleteValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetMalloc

Exports

Exports

_EmuAcceleratorTable@4
_EmuCalculatorType@0
_EmuCallBackClose@4
_EmuCallBackDebugNotify@4
_EmuCallBackDocumentNotify@4
_EmuCallBackStackNotify@4
_EmuClearAllBreakpoints@0
_EmuClearBreakpoint@8
_EmuCreate@4
_EmuCreateEx@8
_EmuDestroy@0
_EmuEnableDoCodeBreakpoint@4
_EmuEnableNop3Breakpoint@4
_EmuEnableRplBreakpoint@4
_EmuEnableSkipInterruptCode@4
_EmuGetLastInstr@4
_EmuGetMem@8
_EmuGetRegister@4
_EmuGetRom@4
_EmuInitLastInstr@8
_EmuLoadObject@4
_EmuLoadRamFile@4
_EmuPressOn@4
_EmuRun@0
_EmuRunPC@4
_EmuSaveObject@4
_EmuSaveRamFile@0
_EmuSetBreakpoint@8
_EmuSetMem@8
_EmuSetRegister@8
_EmuSimulateKey@12
_EmuStep@0
_EmuStepOut@0
_EmuStepOver@0
_EmuStop@0

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emu/Beep.48G
Emu/Beep.49G
Emu/DDE48.exe
.exe windows:4 windows x86 arch:x86

23da20005aae0f0d675c2a54c4baf7a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LocalAlloc
WriteFile
LocalFree
ReadFile
CloseHandle
GetFileSize
CreateFileA
lstrcmpiA
GetEnvironmentStringsW
GetEnvironmentStrings
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
GetLastError
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
GetOEMCP
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcmpA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetACP
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo

user32

ShowWindow
SetForegroundWindow
DdeGetData
GetClassNameA
DdeInitializeA
wsprintfA
RegisterClipboardFormatA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeQueryConvInfo
GetWindowThreadProcessId
EnumThreadWindows
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Emu/DDE48.txt
Emu/Debugger.txt
Emu/Default 48GX.bin
Emu/EMU KeysOnPC.txt
Emu/EMU48.EXE
.exe windows:5 windows x86 arch:x86

7ea7fa1c078cccd8a3af3b676d61ee46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeGetDevCaps
timeBeginPeriod
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutClose
timeGetTime
timeKillEvent
timeSetEvent

comctl32

CreateToolbarEx
ord17

kernel32

DeleteCriticalSection
TerminateThread
ResumeThread
SetThreadAffinityMask
CreateThread
GetCurrentDirectoryA
QueryPerformanceFrequency
WaitForSingleObject
ResetEvent
Beep
GetVersionExA
lstrcatA
GetFileSize
MapViewOfFile
GetLastError
CreateFileMappingA
UnmapViewOfFile
SetEndOfFile
SetFilePointer
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
GetOverlappedResult
SetCommMask
SetCommState
ClearCommBreak
SetCommBreak
PurgeComm
WaitCommEvent
ClearCommError
SetThreadPriority
SetCommTimeouts
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcessId
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
LoadLibraryW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
GetModuleFileNameW
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
HeapAlloc
HeapFree
SetFileAttributesA
GetFullPathNameA
lstrcmpiA
CreateFileA
SetCurrentDirectoryA
GetStringTypeW
GetFileAttributesA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventA
WriteFile
ReadFile
MulDiv
FindResourceA
LoadResource
LockResource
FreeResource
SetEvent
lstrcpynA
lstrlenA
lstrcpyA
Sleep
lstrcmpA
GetConsoleCP
GetConsoleMode
HeapSize
RtlUnwind
SetStdHandle
WriteConsoleW
CreateFileW
GetModuleFileNameA
FlushFileBuffers

user32

GetMenuItemCount
GetMenuItemID
SetCursor
wvsprintfA
SetWindowPlacement
RegisterClassA
CreateWindowExA
LoadAcceleratorsA
DdeInitializeA
RegisterClipboardFormatA
DdeCreateStringHandleA
DdeNameService
GetMessageA
IsDialogMessageA
TranslateAcceleratorA
InsertMenuA
DispatchMessageA
DdeFreeStringHandle
DdeUninitialize
DefWindowProcA
BeginPaint
EndPaint
DestroyCursor
PostQuitMessage
LoadCursorA
OpenClipboard
EmptyClipboard
CloseClipboard
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
DeleteMenu
GetMenuStringA
MessageBeep
GetClipboardData
IsClipboardFormatAvailable
TranslateMessage
AdjustWindowRect
GetClientRect
GetWindowPlacement
DestroyMenu
SetWindowPos
LoadIconA
GetSystemMenu
AppendMenuA
LoadMenuA
GetSubMenu
GetSysColor
ChildWindowFromPointEx
ShowWindow
GetDC
ReleaseDC
LoadBitmapA
DrawFocusRect
DialogBoxParamA
IsDlgButtonChecked
EndDialog
SetWindowTextA
GetDlgItemTextA
CreateDialogParamA
CheckDlgButton
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
PostMessageA
GetParent
GetActiveWindow
GetDlgCtrlID
TrackPopupMenu
SetFocus
InvalidateRect
SendDlgItemMessageA
GetDlgItem
EnableWindow
CheckMenuItem
SetDlgItemTextA
GetMenu
EnableMenuItem
SendMessageA
wsprintfA
MessageBoxA
DdeQueryStringA
DdeAccessData
DdeUnaccessData
DdeGetData
DdeCreateDataHandle
CreateCursor
SetClipboardData

gdi32

SetDIBColorTable
RealizePalette
SelectPalette
CreateDIBSection
GdiFlush
StretchBlt
SetWindowOrgEx
GetDeviceCaps
GetPaletteEntries
GetDIBits
GetObjectA
CreateCompatibleBitmap
CreateDIBitmap
SetPixel
GetPixel
PatBlt
LineTo
MoveToEx
CreateFontA
DeleteObject
GetTextMetricsA
GetStockObject
SetBkColor
SetTextColor
ExtTextOutA
CreateCompatibleDC
DeleteDC
CreatePalette
SelectObject
BitBlt

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegDeleteValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetMalloc

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Emu/EMU48.txt
Emu/Emu48Ini.txt
Emu/Jemac.kmi
Emu/KML_20.doc
.rtf .doc
Emu/Mkshared.exe
.exe windows:4 windows x86 arch:x86

6bf1e61cc2cfa9c5f205d48d0e2b9993

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
LocalAlloc
WriteFile
LocalFree
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LoadLibraryA
LCMapStringA
HeapReAlloc
GetProcAddress
HeapAlloc
GetOEMCP
VirtualAlloc
GetCPInfo
RtlUnwind
GetACP
VirtualFree
HeapCreate
GetModuleHandleA
CloseHandle
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetEnvironmentStringsW
HeapFree
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy

user32

DispatchMessageA
GetMessageA
TranslateMessage
IsDialogMessageA
RegisterClassA
SendDlgItemMessageA
CreateDialogParamA
SetDlgItemTextA
LoadCursorA
GetDlgItemTextA
PostMessageA
PostQuitMessage
InvalidateRect
SetCursor
GetDlgItem
LoadIconA
GetDlgCtrlID
DefWindowProcA

gdi32

DeleteObject
SetTextColor
CreateSolidBrush
CreateFontA
SetBkMode

comctl32

ord17

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Emu/Mkshared.txt
Emu/NoWinIni.reg
Emu/Problems.txt
Emu/R49G0800.bmp
Emu/R49G0800.kml
Emu/R49G1024.bmp
Emu/R49G1024.kml
Emu/R49Gp1024.bmp
Emu/R49Gp1024.kml
Emu/R50g1024.bmp
Emu/R50g1024.kml
Emu/R50g800.bmp
Emu/R50g800.kml
Emu/ROM.48G
Emu/ROM.49G
Emu/ROMG+.49G
Emu/ROMG+.50G
Emu/ReadMe.txt
Emu/Real48gii.bmp
Emu/Real48gii.kml
Emu/Real49gp.bmp
Emu/Real49gp.kml
Emu/gpl.txt
Emu/jemac.bmp
Emu/jemac.kml
ReadMeFirst.txt
TextEx_A48.hp
TextEx_A49.hp
VersionInfo.txt
hptoolsdll.dll
.dll windows:5 windows x86 arch:x86

20569e1b2a474b47af0747285581f5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
DeleteFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
MultiByteToWideChar
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
HeapDestroy
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
WriteConsoleW
SetFilePointer
SetStdHandle
CloseHandle
GetFileAttributesA
IsProcessorFeaturePresent
GetModuleFileNameW
GetTimeZoneInformation
GetCurrentProcessId
CreateFileA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
HeapReAlloc
LoadLibraryW
CompareStringW
SetEnvironmentVariableA
GetStringTypeW
CreateFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetEndOfFile
GetProcessHeap
HeapSize

Exports

Exports

_initdll@8
_makerom@8
_rplcomp@8
_sasm@8
_sload@8

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 132KB

.rsrc Size: 31KB - Virtual size: 30KB

Password: infected

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 780B

Password: infected

fea237b37a91d4f35bea017986d8b230

Headers

File Characteristics

Imports

kernel32

crtdll

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 6KB

.rdata Size: 84B - Virtual size: 84B

.data Size: 160B - Virtual size: 160B

.idata Size: 840B - Virtual size: 840B

.reloc Size: 248B - Virtual size: 248B

.edata Size: 124B - Virtual size: 124B

Password: infected

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

Password: infected

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 132KB

.rsrc
Size: 31KB - Virtual size: 30KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 6KB

.rdata
Size: 84B - Virtual size: 84B

.data
Size: 160B - Virtual size: 160B

.idata
Size: 840B - Virtual size: 840B

.reloc
Size: 248B - Virtual size: 248B

.edata
Size: 124B - Virtual size: 124B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B